|
By Alex McConnell
As Black Friday approaches, retailers are gearing up for the inevitable surge in online traffic. But cybercriminals are also preparing for this high-stakes season, fine-tuning their bot attack strategies to exploit inventory, pricing, and customer accounts. To shed light on these threats and what retailers can do to prepare, we consulted five experts from Netacea who shared their insights on the bot attack landscape during Black Friday and beyond.
|
By Threat Research Team
Welcome back to our Evolution of Scalper Bots series from the Netacea Threat Intel Center. In our previous blog, we reviewed the early days of anti-bot legislation and its limitations, especially around ticket scalping. Traditional defenses like CAPTCHA quickly became insufficient, which spurred the development of bot management solutions.
|
By Alex McConnell
Bot attacks are evolving to become more sophisticated. Attackers have built businesses around the data and assets they extract with bots, so they constantly seek ways to bypass defenses. Developers work tirelessly to assess bot defenses and find new methods to evade them. Traditional, client-side defenses are visible to attackers, making it easier for them to bypass. But even advanced defenses must stay alert, embedding bot expertise to keep pace with these evolving tactics.
|
By Threat Research Team
Welcome back to our Evolution of Scalper Bots series. In our last post, we explored how scalper bots expanded into new markets from 2010 to 2014. We saw the scalper bot industry rise and a technological arms race begin between developers and retailers. As we delve into the period of 2015 to 2017, this battle intensifies. Scalper bots become more sophisticated, retailers implement new countermeasures, and legal challenges emerge.
|
By Alex McConnell
Content scraping is on the rise. While it can benefit your business in some cases, it can also lead to lost revenue, degraded website performance, and content theft. Web scraping is a hot topic in tech news. This trend links to the rise in AI tools, specifically LLMs (large language models), which rely on content to generate their outputs. They scrape content from across the web to train these algorithms. This is a controversial subject with moral, technical, and legal implications.
|
By Alex McConnell
As a security professional considering a robust bot defense strategy, it’s important to understand the ever-evolving nature of bot threats and the critical need for a scalable, robust solution. Traditionally, businesses rely on agent-based bot management solutions, also known as client-side or front-end detection, by deploying small pieces of software (agents) on customer devices to detect malicious activity. However, these approaches carry significant risks.
|
By Alex McConnell
At 8:00 on Saturday, 31st August 2024, millions of people were poised to be part of pop culture history. Four days earlier, on 27th August, seminal Britpop heavyweights Oasis shocked the music world by finally confirming their long-awaited reunion. The reconciliation of brothers Liam and Noel Gallagher sent fans into a frenzy. For millions worldwide, it was essential to get tickets to one of the 17 announced gigs. The demand was enormous.
|
By Threat Research Team
Welcome back to the next blog in our Evolution of Scalping series. During our last blog we covered the landmark case that exposed the power of automated purchasing – Wiseguy Tickets. We detailed their operation and their use of bots, which allowed them to snatch up huge volumes of available tickets for high-demand events.
|
By Threat Research Team
Welcome back to our Evolution of Scalper Bots series. In part one, the Origins of Scalping, we started our journey through scalping’s long history. We saw that it is far from a new concept: people have been reselling high-demand items for centuries, from as far back as 325 BCE! We’ll continue our journey at the turn of the 21st Century. With the advent of online ticketing, a new frontier had just been opened for scalpers, and things would never be the same again.
|
By Alex McConnell
In recent weeks we’ve covered how criminals use bots to steal accounts across the web. Credential stuffing tools make this easy and quick to do. If you missed it, watch a live demo of the process in this webinar. In this post we’ll look in more detail at what happens next. How do criminals monetize stolen accounts? To answer this, we’ll use the example of streaming services – one of the quickest and easiest commodities for crooks to shift and make a quick profit.
|
By Netacea
In this insightful episode, Stuart Seymour, Group CISO and CSO at Virgin Media O2, joins Andrew Ash (CISO, Netacea) to discuss how his experience as a British Army Captain shaped his unique leadership style in cybersecurity. Stuart also shares his passion for building diverse, neurodiverse teams, drawing from his own experience with dyslexia. He dives into the growing importance of AI in SOCs and the complex challenges of navigating global cybersecurity regulations. A must-listen for anyone looking to understand the evolving role of a CISO in today's landscape.
|
By Netacea
He's why Netacea was designed to never need client-side technology, offering a more secure option for bot management.
|
By Netacea
Learn more about Netacea Threat Intel Feeds, including how our customers use them to harden existing defenses, from Netacea CTO & co-founder Andy Still. This video explains how Netacea ensures the accuracy of its threat intelligence, the methods of data distribution, and the practical uses of Threat Intel Feeds in blocking malicious traffic and aiding in decision-making processes.
|
By Netacea
Netacea bot experts discuss the challenges around the Oasis reunion tour ticket sales, focusing on the issues caused by bots and scalping in high-demand events.
|
By Netacea
This webinar introduces Netacea Threat Intel Feeds—a tool to harden your defenses against automated attacks using real-world threat data. Join James Middleton, Andy Still, and Cyril Noel-Tagoe as they explore how Netacea processes trillions of requests daily, enabling Threat Intel Feeds to identify and stop attack traffic in real-time, so you can squeeze more value out of your existing edge defenses.
|
By Netacea
Netacea bot experts discuss the challenges around the Oasis reunion tour ticket sales, focusing on the issues caused by bots and scalping in high-demand events. The discussion explores the technical difficulties of managing ticket sales, the tactics used by bot operators to secure tickets, and the broader implications for the industry. The team also discuss why current methods to prevent bot activity often fail and why a multi-pronged strategy combining real-time detection, post-transaction analysis, and clamping down on secondary markets is critical.
|
By Netacea
Netacea CISO Andrew Ash welcomes two special guests to the podcast this month to talk about AI adoption and managing third party risk: Thomas Ballin (CTO, Cytix) and Haydn Brooks (CEO, Risk Ledger).
|
By Netacea
To start this month’s episode, we once again weigh in on AI – this time considering the privacy implications when feeding prompts into generative AI tools like ChatGPT and Bard. We’ll discuss whether it’s safe to share company IP or your own personal information into such tools, before hearing how we approach this at Netacea from Principal Software Engineer John Beech.
|
By Netacea
This month’s episode takes off with a journey into the controversial world of skiplagging, also known as hidden city flying. Airlines and holiday businesses are taking legal action against passengers and websites like Skiplagged that exploit pricing loopholes, leaving empty seats on the second leg of multi-stop itineraries. But with scraper bots at the root of the issue, is there a technical solution to limit the practice?
|
By Netacea
This month we begin by examining the 2023 National Risk Register, a public version of the National Security Risk Assessment, which assesses the most serious risks to lives, health, society, critical infrastructure, economy and sovereignty. Cyber-attacks on infrastructure are listed as moderate impact – Our panel discusses how businesses can use the information within the report to prepare for attacks and keep our critical infrastructure as secure as possible.
|
By Netacea
In 2019 we saw more credential stuffing, sniper and scraper bot attacks targeting websites, mobile apps and APIs alike. The shift in attack vectors and scale of attacks highlights an urgent need for a sophisticated solution that protects businesses and customers from the growing malicious bot threat. Understanding the intent of bad bots vs. humans or good bots is vital as all industries face new challenges in acquiring the necessary visibility of their traffic, and subsequent analysis required for rapid and effective attack response that doesn't sacrifice the user experience.
|
By Netacea
Are you seeing the full picture when it comes to web and application security? Without fast and accurate data at your fingertips from the best bot management, it's increasingly difficult to differentiate human from automated bot traffic on your web-facing applications. Credential stuffing, account fraud and scraping attacks are a multi-billion-dollar business¹, with the scope for earning made increasingly simple by the vast number of internet users, availability of login credentials and the sheer volume of connected devices.
|
By Netacea
The second Payment Services Directive (PSD2) is a data-driven legislation introduced by the European Union (EU) in 2015, with which all payment service providers (PSPs) throughout the EU and beyond must comply. PSD2 expands the scope of 2007's PSD, a directive implemented to make payments across borders as easy, secure and inexpensive as domestic payments. However, a short eight years later, innovations in technology and the prevalence of fintech have created new challenges for the payments industry to address.
|
By Netacea
Web traffic is made up of human and non-human visitors, but not all these sources are safe. Sophisticated bot traffic is on the rise and it is becoming increasingly difficult to differentiate the criminal from real customers. Download your free copy of 'The Managing and Mitigating Bots' Guide and learn about.
|
By Netacea
In 2017 Black Friday was the single largest cause of web traffic peaks and website outages in the retail industry. Even a 1-second delay in load time can result in a 7% loss in conversions.
- November 2024 (3)
- October 2024 (3)
- September 2024 (8)
- August 2024 (5)
- July 2024 (3)
- June 2024 (2)
- May 2024 (2)
- April 2024 (1)
- March 2024 (3)
- February 2024 (3)
- December 2023 (1)
- November 2023 (4)
- October 2023 (3)
- September 2023 (6)
- August 2023 (5)
- July 2023 (4)
- June 2023 (2)
- May 2023 (2)
- April 2023 (1)
- February 2023 (3)
- January 2023 (1)
- December 2022 (2)
- November 2022 (10)
- October 2022 (6)
- September 2022 (11)
- August 2022 (7)
- July 2022 (4)
- June 2022 (7)
- May 2022 (1)
- April 2022 (5)
- March 2022 (3)
- February 2022 (11)
- January 2022 (9)
- December 2021 (9)
- November 2021 (5)
- October 2021 (5)
- September 2021 (23)
- August 2021 (7)
- July 2021 (4)
- June 2021 (6)
- May 2021 (9)
- April 2021 (10)
- March 2021 (4)
- February 2021 (3)
- January 2021 (1)
- December 2020 (2)
- November 2020 (6)
- October 2020 (18)
- September 2020 (3)
- August 2020 (2)
- July 2020 (1)
- June 2020 (3)
- May 2020 (1)
- April 2020 (1)
- April 2019 (1)
- October 2018 (2)
- August 2018 (2)
Netacea provides a revolutionary bot management solution that protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.
Our Intent Analytics™ engine, powered by machine learning, quickly and accurately distinguishes bots from humans to protect websites, mobile apps and APIs from automated threats while prioritising genuine users. Actionable intelligence with data-rich visualisations empowers you to make informed decisions about your traffic.
We Prevent Sophisticated Automated Threats:
- Account Takeover: Stop account takeover by identifying account-based attacks.
- Credential Stuffing: Prevent data breaches and protect your website from credential stuffing attacks.
- Fake Account Creation: Prevent fake account fraud by identifying bot accounts, fake account creation and mass account registration.
- Web Scraping: Identify and block web scrapers and scraping attacks made to compromise your website.
- Ad/Click Fraud: Identify ad fraud to reduce wasted spend and prevent ad bots from illegitimately displaying or accessing ads.
- Skewed Marketing Analytics: Prevent bots from stealing your marketing budget and skewing your analytics.
A Smarter Approach to Bot Management.